Claim Rejections - 35 USC § 112

1. The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

2. Claims 2-10 and 21 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. Independent claim 21, which claims 2-10 
depend from either directly or indirectly, has been amended to recite the term "portals."
This term is not recited in the specification, however the examiner does note that the 
specification does recite website. The examiner further notes while the term "portal," 
does have a similar definition to that of the term "website," the two definitions are not 
identical. Accordingly, the subject matter included in the definition for the term "portal," but
not included in the definition for the term "website," introduces new matter into the 
application. 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 5, 7-10, and 15 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 
5. Claims 5 and 15 recite the limitation "the identification code," in pages 3-4 of
amendment filed February 17, 2009. Claims 5 and 15 depend from independent claims 
21, 21 and dependent claims 4, 14, respectively, none of the claims that claim 5 and 15 
depend from recite "an identification code," accordingly there is insufficient antecedent 
basis for "the identification code," in claims 5 and 15. 

6. Claims 7-10 recite the limitation "the identified session," in pages 3-4 of 
amendment filed February 17, 2009. Claims 7-10 depend directly from independent
claim 21, which does not recite "an identified session," and instead recites "an original
session," accordingly there is insufficient antecedent basis for "the identified session," in 
claims 7-10. 



Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 2-3, 7-10, 12-13, and 17-22 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Wood et al. (US 2004/0210771). 



Regarding Claims 8, 18, 21 and 22: 
Wood discloses a security system for real time monitoring and controlling of
communication sessions within a network server environment ("Providing a persistent 
session in a networked information environment includes associating a unique session 
identifier with a set of access requests originating from a client entity and maintaining 
the unique session identifier across a credential level change" See paragraph 11), 
wherein each original session enables operating a sequence of processes including 
operations carried out in the server environment ("Session continuity means the 
maintenance of coherent session state across one or more interaction between an 
entity and an information environment." See paragraph 45), the system having at least 
one server ("A secure information system includes plural information resources host on 
one or servers coupled via a communication network to a client entity." See paragraph 
15) enabling to communicate with a multiplicity of client users ("Client Browser" See fig. 
1 ref. no. 170 and "In general a wide variety of entities, including human users operation 
browser and/or non-browser client applications as well as automated agents or 
systems, may interact with enterprise applications and/or resources 190 and the 
security architecture as described herein." See paragraph 41) via at least one 
communication network ("Communication network" See paragraph 15), wherein each 
client user enables accessing portals and operating sessions in the portals ("A variety of 
information resource identification schemes, such as by Uniform Resource Locator 
(URL), resource address, identifier or namespace designation, may be employed." See 
paragraph 41), and at least one module operated by the at least one server
("Gatekeeper," "Log-In," "Authentication," "Authorization," "Identification," and "Session" 
See fig. 1 ref. nos. 110, 120, 130, 140, 150, and 160), wherein the at least one module
enables associating a session ID to the original session of the client user ("If no session 
token is present or if a session token is invalid, gatekeeper/entry handler component 
110 establishes a new session." See paragraph 47) and to each process in the
sequence of processes operated by the original session, ("Gatekeeper functionality (e.g. 
in gatekeeper/entry handler component 110) checks whether a session is already 
associated with the incoming request." See paragraphs 44-47) wherein the session ID 
enables determining an authorization level ("Authenticated Trust Level" See paragraph 
46) of session in accordance with predefined determination rules ("The mapping of login 
credential types and authentication mechanisms to trust levels is influenced by 
environment information such as time of request, source of request, connection speed, 
and/or client application (e.g., browser) environment information." See paragraphs 37-38),
where the determination rules refer to the properties of the original session
("Security requirements are expressed in terms of trust levels and login component 120 
obtains login credentials for an entity requesting access to one of the enterprise 
applications and/or resources 190." See paragraph 35), wherein each session ID is 
related to the manner in which the client user has operated the original session ("The 
login credentials obtained are selected from a set of credential types that, if 
authenticated are sufficient to achieve the trust level requirement of an application or 
information resource to be accessed." See paragraph 35), wherein each process in the 
sequence is associated in real time with the same session ID of the original session 
enabling the module to continuously monitor operation of each process of each client 
user ("In the case of a pre-existing session, the signed session credential may be
obtained using a received session token." See paragraph 48), while the at least one 
server enables operating the processes of each original session according to the 
authorization level related to the session ID ("Authorization component 140 may base its 
allow, redirect, or refuse response on a current trust level previously associated with the 
signed session credentials." See paragraph 48). 
Regarding Claims 2 and 12: 

Wood discloses a filtering module installed at the at least one server for blocking 
unauthorized processes in accordance with determined authorization level 
("Authorization component 140 responds with an allow, redirect, or refuse response 
based on the sufficiency of a current trust level." See paragraph 48). 
Regarding Claims 3 and 13: 

Wood discloses at least one agent installed on the at least one server, the agent 
enable correlating between processes and sessions on different servers ("Gatekeeper 
and entry handler component 110 provides an entry point for external client applications
requesting access to enterprise applications and/or resources 190, including e.g., 
information resources 191, 192, 193, for which access management is provided by the 
security architecture." See paragraph 33). 
Regarding Claims 7 and 17: 

Wood discloses the identified session properties are sign in parameters ("Login 
component 120 operating in conjunction with gatekeeper/entry handler component 110 
and other components of the security architecture, provides a single sign-on interface
for access to enterprise applications and/or resources 190." See paragraph 35). 
Regarding Claims 9 and 19: 

Wood discloses the identified session properties are hyperlink session address 
type parameters ("In some configuration, information on line speed, origination point 
(e.g., inside or outside of a corporate network), browser type, encryptions capability, 
number of hops latency, system type, etc. may be gather." See paragraph 43). 
Regarding Claims 10 and 20:

Wood discloses the original session is identified according to a unique 
Transmission Control Protocol port ID ("For network connection, similar environment 
information may be obtained from incoming requests themselves or based on a 
particular entry point (e.g. a particular router or port)." See paragraph 43). 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 4-6 and 14-16 are rejected under 35 U.S.C. 103(a) as being obvious over 
Wood et al. (US 2004/0210771) in view of Carter et al. (US 2003/0051026). 
Wood discloses the above stated security architecture for providing access to
enterprise applications and resources based on a session token's current trust level 
(See paragraph 35). 

Wood does not disclose each process has a process information vector wherein 
the session ID of the original session is added to the process information vector of each 
process in the sequence related to the original session. 

Carter discloses a network surveillance and security system for monitoring and 
protecting a computer network that uses a process identification vector to associate a 
user ID with a unique process ID (See paragraphs 342 and 363).

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the security architecture disclosed by Wood to include using a 
process identification vector to associate a session ID with a unique process ID such as 
that taught by Carter in order to enable the utilization of matrices to track and control 
information and processes (See Carter paragraph 339). 

Response to Arguments 

10. Applicant's arguments with respect to claims 2-10 and 12-22 have been
considered but are moot in view of the new ground(s) of rejection. 
Conclusion

11. Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BRETT SQUIRES whose telephone number is (571) 
272-8021. The examiner can normally be reached on 9:30am - 6:00pm Monday -
Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

IBS/ 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2431 



